もくじ
ユーザ作成
メールフォルダ作成 skel
## Maildir skeleton under /etc/skel; useradd normally copies /etc/skel into each
## new home directory, so every new account starts with new/cur/tmp in place.
# mkdir -p /etc/skel/Maildir/{new,cur,tmp}
## 700 = owner-only access, so other local users cannot read the mailbox.
# chmod -R 700 /etc/skel/Maildir/
メールユーザ作成
## Mail-only account: /sbin/nologin as the shell means no interactive shell login.
# useradd -s /sbin/nologin yuu
## NOTE(review): the Dovecot passdb is not shown on this page. If it is PAM, this
## system password is the one sent at IMAP/POP3 login, so it deserves the same
## transport protection as any other login secret. Confirm.
# passwd yuu
Postfix
# vi /etc/postfix/main.cf
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld
myhostname = mail1.example.net
#mydomain = domain.tld
mydomain = example.net
#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
#inet_interfaces = localhost
## Listen on every interface (needed to receive mail from other hosts).
inet_interfaces = all
# Enable IPv4, and IPv6 if supported
#inet_protocols = all
inet_protocols = ipv4
#home_mailbox = Mailbox
#home_mailbox = Maildir/
## Deliver into ~/Maildir/ (the trailing slash selects maildir format).
home_mailbox = Maildir/
## Every name listed here is a domain this host accepts as a final destination.
## NOTE(review): "mail1.example.net.space" looks like a leftover or typo. Verify it is intended.
mydestination = $myhostname, localhost.$mydomain, localhost, mail1.example.net.space, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
# mail.$mydomain, www.$mydomain, ftp.$mydomain
## The page's marker below says: append the following at the end of the file.
※最終行に追加
## Turns on SMTP AUTH. No smtpd_tls_* settings appear in this excerpt, so PLAIN/LOGIN
## credentials would cross the network unencrypted. Once a certificate is configured,
## smtpd_tls_auth_only = yes restricts AUTH to TLS-protected sessions.
smtpd_sasl_auth_enable = yes
## Compatibility switch for old clients that expect the non-standard "AUTH=" banner.
broken_sasl_auth_clients = yes
## Authenticated users may relay; everyone else is limited to local or relay
## destinations (reject_unauth_destination is what keeps this from being an open relay).
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination
# yum install cyrus-sasl Installed: cyrus-sasl.x86_64 0:2.1.26-23.el7 Complete!
# systemctl start saslauthd # systemctl enable saslauthd
# saslpasswd2 -u example.net yuu Password:パスワード入力 Again (for verification):パスワード入力
反映
# sasldblistusers2 yuu@example.net: userPassword
# chown postfix /etc/sasldb2
# vi /etc/postfix/master.cf
## Port 25 listener (server-to-server SMTP).
smtp inet n - n - - smtpd
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy
## Port 587 listener for mail clients. The "-o" lines are continuation lines and must
## begin with whitespace in master.cf.
## NOTE(review): smtpd_tls_security_level=encrypt is left commented out below, so this
## service offers AUTH without requiring TLS and PLAIN/LOGIN passwords are readable on
## the wire. Uncomment that line once a certificate and key are configured in main.cf.
submission inet n - n - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
## On submission, only authenticated clients may send; everything else is rejected.
# systemctl restart postfix
# systemctl enable postfix
Dovecot
# yum install dovecot
# vi /etc/dovecot/dovecot.conf
#listen = *, ::
## IPv4 only ("::" dropped), matching inet_protocols = ipv4 on the Postfix side.
listen = *
# vi /etc/dovecot/conf.d/10-auth.conf
# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
# See also ssl=required setting.
#disable_plaintext_auth = yes
## NOTE(review): "no" allows PLAIN/LOGIN on unencrypted connections. Together with
## ssl = no in 10-ssl.conf (set further down this page), IMAP/POP3 passwords are sent
## in cleartext. Keep the default "yes" and enable TLS for anything reachable beyond
## a trusted network.
disable_plaintext_auth = no
#auth_mechanisms = plain
## Both mechanisms transmit the password itself (base64 is an encoding, not encryption).
auth_mechanisms = plain login
# vi /etc/dovecot/conf.d/10-mail.conf
#mail_location =
## Must match Postfix's home_mailbox = Maildir/ so that both daemons use the same directory.
mail_location = maildir:~/Maildir
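# vi /etc/dovecot/conf.d/10-master.conf
## Each pair below is "stock excerpt", then the page's marker ↓変更 ("change to"),
## then the edited version. These are excerpts of a larger file: the closing brace
## of service imap-login is not part of what the page shows.
service imap-login {
  inet_listener imap {
    #port = 143
  }
  inet_listener imaps {
    #port = 993
    #ssl = yes
  }
↓変更
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
service pop3-login {
  inet_listener pop3 {
    #port = 110
  }
  inet_listener pop3s {
    #port = 995
    #ssl = yes
  }
}
↓変更
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
## NOTE(review): 143 and 110 are the cleartext ports. The "ssl = yes" listeners on
## 993/995 depend on the global ssl setting in 10-ssl.conf, which this page sets to
## "no" later, so they are not expected to provide TLS as configured. Confirm.
# Postfix smtp-auth
#unix_listener /var/spool/postfix/private/auth {
# mode = 0666
#}
↓変更
# Postfix smtp-auth
## Authentication socket for Postfix. The socket is owned by postfix:postfix, so 0660
## is enough for smtpd to connect. 0666 would let every local account talk to the
## auth service (for example, to test passwords against it).
## NOTE(review): Postfix only uses this socket when main.cf sets
## smtpd_sasl_type = dovecot and smtpd_sasl_path = private/auth. Neither appears in
## the main.cf excerpt on this page. Confirm which SASL back end is intended.
unix_listener /var/spool/postfix/private/auth {
  mode = 0660
  user = postfix
  group = postfix
}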
# vi /etc/dovecot/conf.d/10-ssl.conf
#ssl = required
## NOTE(review): "no" turns TLS off for Dovecot as a whole. With
## disable_plaintext_auth = no (10-auth.conf), every IMAP/POP3 login sends the
## password unencrypted. For a server reachable from untrusted networks, configure
## ssl_cert / ssl_key and use ssl = required instead.
ssl = no
# systemctl restart dovecot
# systemctl enable dovecot
## Validate the Postfix configuration, then restart and enable all three services.
# postfix check
# systemctl restart postfix
# systemctl enable postfix
# systemctl restart dovecot
# systemctl enable dovecot
# systemctl restart saslauthd
# systemctl enable saslauthd
セカンダリメールサーバ
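# vi /etc/postfix/main.cf
#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
#inet_interfaces = localhost
inet_interfaces = all
## Per-domain next hop is looked up in the transport table edited below.
transport_maps = hash:/etc/postfix/transport
## This host relays mail for example.net instead of delivering it locally.
## NOTE(review): no relay_recipient_maps is shown, so the secondary accepts any
## recipient address at example.net and only learns that it is invalid when the
## primary rejects it, which then produces bounces to (often forged) senders.
## Publishing the list of valid recipients to the secondary avoids that.
relay_domains = example.net
## Keep queued mail and bounces for up to 20 days while the primary is unreachable.
maximal_queue_lifetime = 20d
bounce_queue_lifetime = 20d
# vi /etc/postfix/transport
## Square brackets: deliver straight to this host, with no MX lookup.
example.net smtp:[mail1.example.net]
## Build the hash: lookup file (transport.db) from the text file.
# postmap /etc/postfix/transport
# postfix check
## systemctl takes the verb before the unit name. The page's original
## "systemctl postfix restart" fails with an unknown-operation error.
# systemctl restart postfix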